Search This Blog

Navigation

WordPress sites hacked due to Netrino Exploit Kit

If you are using WordPress for your personal blog or business website, you need to upgrade your current version to WordPress 4.3 immediately to secure your website against it's latest vulnerability.

"Neutrino Exploit Kit (EK) appeared on the scene around March of 2013 and continues to remain active and incorporate new exploits. In the beginning of July, Neutrino reportedly incorporated the HackingTeam 0day (CVE-2015-5119), and in the past few days we've seen a massive uptick in the use of the kit. The cause for this uptick appears due to widespread WordPress site compromises.

ThreatLabZ started seeing a new campaign where WordPress sites running version 4.2 and lower were compromised, and the image below illustrates the components involved in this campaign." (2015 Aug 24, Zscaler.com)

I love graphic presentation, it is easier to understand the security issue. Here's the complete Neutrino WordPress campaign provided by Zscaler ThreatLabz.

Our WordPress is fully managed by Moscom.com Web Hosting Provider. I don't have to do anything, just checking if my content management system is up to date.

I have a user in Windows Pro 7, and Windows Server 2003 environment that is frequently account locked out. I tried many different scenarios to resolve this account lockout issue, from resetting his password, changing a new password, remove and re-join the domain, rebooting the workstation and active directory servers.

I tried to use the command prompt utility to run "rundll32.exe keymgrdll, KRShowKeyMgr" (case sensitive) to delete the account in Windows 7 password cache, and still no luck.

Still searching for answer ... Let me know if you encounter a similar issue in Windows Pro 7 and Windows Server 2003.

This is a sample message that I used for terminated employees, unless HR staff specified a different message. === Example for KING.NET Employee === John Doe (employee or consultant) is no longer with KING.NET effective June 1, 2008 (termination date). For matters relating to "Project Name here" please direct your concerns to John Smith at johnsmith@king.net (Manager or Supervisor). For all other matters, please direct your email to Mary Smith HR at marysmith@king.net. Please call our main office 703-345-6789 if you have other concerns.Thank you.=== end of message ===